
CVE-2024-28151
https://notcve.org/view.php?id=CVE-2024-28151
06 Mar 2024 — Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller file system exists, without being able to access it. • http://www.openwall.com/lists/oss-security/2024/03/06/3 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2024-28150
https://notcve.org/view.php?id=CVE-2024-28150
06 Mar 2024 — Jenkins HTML Publisher Plugin 1.32 and earlier does not escape job names, report names, and index page titles shown as part of the report frame, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. • http://www.openwall.com/lists/oss-security/2024/03/06/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-28149 – jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin
https://notcve.org/view.php?id=CVE-2024-28149
06 Mar 2024 — Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting (XSS) attacks and to determine whether a path on the Jenkins controller file system exists. • http://www.openwall.com/lists/oss-security/2024/03/06/3 • CWE-20: Improper Input Validation • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')